WordPress搭建 + Nginx https反向代理配置内容

映射端口自行修改本例使用8081进行映射 nginx的proxy_set_header 内容很关键,为了解决wordpress重定向以及资源文件加载绝对路径问题

准备工作
#创建wordpress apache2配置目录
mkdir -p /opt/container/wordpress/apache2
#创建wordpress html文件目录
mkdir -p /opt/container/wordpress/html
#创建wordpress mysql存储目录
mkdir -p /opt/container/wordpress/mysql
准备工作2 启动WORDPRESS CP配置文件到本地
#启动容器
docker run -itd --name wordpress wordpress
#cp文件到本地
docker cp wordpress:/etc/apache2/ /opt/container/wordpress/
#删除容器
docker stop wordpress
docker rm wordpress

1.使用docker-compose up -d 启动docker-compose配置

docker-compose up -d

docker-compose编写参考 文件名docker-compose.yml

version: "3"

services:

  mysql:
    container_name: mysql
    image: mysql
    restart: always
    networks:
      - wpnet
#    ports:
#      - 3306:3306
    volumes:
      - /opt/container/wordpress/mysql:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: xxxxxx

  wordpress:
    links:
      - mysql
    depends_on:
      - mysql
    container_name: wordpress
    image: wordpress
    restart: always
    networks:
      - wpnet
    ports:
      - 8081:80
#      - 443:443
    volumes:
      - /opt/container/wordpress/html:/var/www/html
      - /opt/container/wordpress/apache2:/etc/apache2
    environment:
      WORDPRESS_DB_HOST: mysql
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: root
      WORDPRESS_DB_PASSWORD: xxxxxx

networks:
  wpnet:
    driver: bridge

2.docker ps -a 查看状态 wordpress并未启动是因为数据库中wordpress数据库并未创建 启动失败

    #进入mysql容器      
    docker exec -it mysql /bin/bash  
    #登录数据库 输入密码
    mysql -u root -p
    #创建数据库
    create database wordpress;
    
    #数据库未暴露端口无需执行
    #配置mysql初始化密码 开启远程登陆
    #ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'xxxxxx';
    #刷新权限
    #FLUSH PRIVILEGES;
    #exit 退出容器
    
    exit

   #重新启动wordpress
   docker restart wordpress  

Nginx配置文件新增以下 证书信息以及宿主机地址自行修改

    #重定向
    server {
        listen  80;
        server_name owothink.com;
        rewrite ^(.*) https://$host$1 permanent;
    }  
    #HTTPS配置
    server {
        listen 443 ssl;
        charset utf-8;
        server_name owothink.com;

        ssl_certificate /etc/nginx/ssl/owothink.com.pem;
        ssl_certificate_key /etc/nginx/ssl/owothink.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        fastcgi_param HTTPS on;
        fastcgi_param HTTP_SCHEME https;

        location / {
#            proxy_redirect     off;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto https;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection "upgrade";
            proxy_read_timeout 86400;
            proxy_pass http://172.18.0.1:8081;
            proxy_redirect default;
        }
    }